Maltego

Advanced Entity Creation

Modified on: Thu, 16 May, 2019 at 2:13 PM

Calculated properties

Another concept that was introduced to Maltego was the use of calculated properties. A person’s fullname, for instance, is calculated by concatenating the firstnames and the lastname. This is exposed in the Maltego client.

The only entities that use calculated properties are:

maltego.Person

maltego.Location

maltego.PhoneNumber

Inheritance

CaseFile offered many more entities than Maltego. In CaseFile you can have a Judge, Criminal and Officer that are essentially all Persons. When importing a graph made in CaseFile into Maltego, you would want to be able to run the Person transforms on all of these, but the early data model did not support it.

We added the concept of inheritance. For the standard Maltego installation this meant that the MXRecord, NSRecord and Website entities were really just specialized DNSNames. The upside is that one transform (DNSName 2 IPAddress) worked on all of them, which saved a lot of transform configuration. For example, if you specify on the TDS that a transform will run on a DNSName, it will also run on all entities down the ‘family tree’: MXRecord, Website and NSRecord.

At the top of the tree is ‘maltego.Unknown’. This means that if you configure a transform to run on this base entity type, it will be available when you right click … on any entity.
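
The inheritance rule described above can be modelled in a few lines. This is an added example, not Maltego or TDS code: the parent table is built from the entities named on this page, the `example.*` identifiers stand in for the CaseFile entities, and every transform name except DNSName 2 IPAddress is hypothetical.

```python
# Model of the rule: a transform configured on a type is offered on that
# type and on every type below it in the family tree, never on types above.
ROOT = "maltego.Unknown"

# Child -> parent links, constructed from the entities named on this page.
# The example.* identifiers are placeholders for the CaseFile entities.
PARENT = {
    "maltego.DNSName": ROOT,
    "maltego.MXRecord": "maltego.DNSName",
    "maltego.NSRecord": "maltego.DNSName",
    "maltego.Website": "maltego.DNSName",
    "maltego.Person": ROOT,
    "example.Judge": "maltego.Person",
    "example.Criminal": "maltego.Person",
    "example.Officer": "maltego.Person",
}

# Transform -> entity type it is configured to run on. Only the first
# name appears on the page; the other three are hypothetical.
TRANSFORMS = {
    "DNSName 2 IPAddress": "maltego.DNSName",
    "MXRecord 2 MailProvider": "maltego.MXRecord",
    "Person 2 EmailAddress": "maltego.Person",
    "Tag 2 Note": ROOT,
}


def lineage(entity_type):
    """Return the type followed by its ancestors, ending at the root."""
    chain = [entity_type]
    while chain[-1] != ROOT:
        # Types missing from the table are treated as direct children of
        # the root, since a root-level transform is available on any entity.
        parent = PARENT.get(chain[-1], ROOT)
        if parent in chain:
            raise ValueError(f"inheritance cycle at {parent}")
        chain.append(parent)
    return chain


def transforms_for(entity_type):
    """List the transforms offered on an entity of the given type."""
    ancestors = set(lineage(entity_type))
    return sorted(name for name, target in TRANSFORMS.items()
                  if target in ancestors)


if __name__ == "__main__":
    for t in ("maltego.Website", "maltego.DNSName", "example.Judge"):
        print(t, "->", transforms_for(t))
```

Note the direction: the transform configured on MXRecord is not offered on a plain DNSName, while the one configured on DNSName is offered on MXRecord.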